In order to get the expected self signed error when

calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.
2003-09-21 02:12:36 +00:00
parent d5adc4b475
commit a26be0386e
1 changed files with 1 additions and 1 deletions
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1145,7 +1145,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	else if (!(bs = load_serial(CAfile, serialfile, create)))
 		goto end;

-	if (!X509_STORE_add_cert(ctx,x)) goto end;
+/*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/

 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */